Recently in the United States Congress, Representative Edolphus Towns of New York introduced a bill (HR 4098) to ban P2P file-sharing on US government and government contractor computers. This bill was likely prompted by the reckless loss of sensitive government documents through P2P networks, including information about the Joint Strike Fighter and Marine One.
Congressman Towns had sent a letter to the Attorney General and the CEO of Lime Corp at that time requesting information. I applaud Congressman Towns' actions and hope to see quick passage of something that seems so obvious... Computers containing sensitive government data have no need for file-sharing software, which is typically used for sharing music, movies, and pirated software. I don't wish to demonize P2P, as I use it regularly to download Linux distributions and other legitimate content, but the bill has a provision for authorized use where necessary.
What's interesting here is that, by governmental standards, they seem to be taking quick action to close this gaping hole in our national security. The bigger question is: what are you doing to ensure that your sensitive corporate data and the personally identifiable information of your staff and clients are protected against leakage via file-sharing networks?
In working with companies, I find that most IT departments have a policy against the use of P2P programs in the workplace. As with many other rules, though, it is not monitored, and there is no enforcement mechanism available to prevent their use. In addition to using the integrated application control technology in Sophos Endpoint Security and Data Protection, administrators should look at how they handle sensitive data and at their firewall configurations.
With the risk of client applications sending off sensitive data, users loading more and more portable applications that do not require administrative privileges to install, and the absolutely huge risk presented by websites being compromised (3.6 per second), our firewalls should be blocking all outbound ports from within our walls.
Sending email and browsing the web are the most common applications users need to use on business networks, and that traffic should be filtered at the edge. The network edge is the most common point for both data leakage and bots sending off stolen information to criminals who prey on our users. Appliance-based or gateway DLP solutions often are unable to look for content in the fragmented packets of P2P traffic, so another approach is necessary.
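As an added illustration of monitoring that outbound policy (this is not Sophos code or part of the original article), the Python sketch below audits firewall log lines against a default-deny egress rule in which only the edge gateways may reach the Internet. The log format, the 10.0.0.0/8 internal range, and the proxy and mail relay addresses are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed policy: internal hosts may not talk to the Internet directly;
# only these (hypothetical) edge gateways may, and only on these ports.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
EGRESS_ALLOW = {
    "10.0.0.10": {80, 443},  # hypothetical filtering web proxy
    "10.0.0.25": {25},       # hypothetical mail relay
}

# Constructed sample log, assumed format: "time src dst dport action"
SAMPLE_LOG = """\
09:00:01 10.0.0.10 203.0.113.5 443 ALLOW
09:00:02 10.0.0.25 198.51.100.7 25 ALLOW
09:00:03 10.1.4.22 203.0.113.80 6881 ALLOW
09:00:04 10.1.4.22 198.51.100.14 6882 ALLOW
09:00:05 10.1.7.9 203.0.113.5 443 ALLOW
09:00:06 10.1.9.3 198.51.100.90 51413 DENY
09:00:07 10.1.9.3 203.0.113.91 51413 DENY
09:00:08 10.1.9.3 203.0.113.92 6346 DENY
09:00:09 10.1.7.9 10.0.0.10 3128 ALLOW
"""

def audit(log_text, fanout_threshold=3):
    """Return (policy_gaps, noisy_hosts).

    policy_gaps: internal-to-external flows the firewall ALLOWED although
                 the egress policy does not permit them (rule base is too open).
    noisy_hosts: hosts whose DENIED flows reach at least fanout_threshold
                 distinct external peers (blocked, but worth a visit).
    """
    gaps, denied_peers = [], defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, src, dst, dport, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if src_ip not in INTERNAL or dst_ip in INTERNAL:
            continue  # only internal -> external traffic is egress
        if action == "ALLOW" and port not in EGRESS_ALLOW.get(src, set()):
            gaps.append((src, dst, port))
        elif action == "DENY":
            denied_peers[src].add(dst)
    noisy = sorted(h for h, p in denied_peers.items() if len(p) >= fanout_threshold)
    return gaps, noisy
```

Note that the workstation browsing directly on port 443 is reported alongside the high-port flows: under this policy, web traffic that skips the proxy is unfiltered and counts as a gap too.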
Another concern is why these sensitive documents were not encrypted. At a minimum, simple file-based encryption would ensure accidental sharing would not compromise the secrecy of the stolen documents. Can you say the same for your critical data? I often recommend that users not only encrypt their hard disks, but also ensure that extra-sensitive information, like personally identifiable information, is file or folder encrypted as well. This way, if the file is lost or stolen, at least it is no longer accessible to third parties.
Don't let your company react to the threat of P2P file-sharing and data leakage slower than the US government. Look to the technologies available to you and find a way of giving that P2P policy some teeth.
This article was written by Chester Wisniewski of Sophos and is published here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware protection.